package com.youhome.clients.config;

import com.youhome.clients.handler.CustomLogoutSuccessHandler;
import com.youhome.service.service.AuthenticationService;
import com.youhome.service.service.LoginPersistenceService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;


/**
 * Created by philip on 5/19/17.
 */
@Configuration
@EnableWebSecurity
public class WebSecurity extends WebSecurityConfigurerAdapter {
    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private LoginPersistenceService loginPersistenceService;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http
                //禁用CSRF保护
                .csrf().disable()
                //配置安全策略
                .authorizeRequests()
                //定义请求不需要验证
                .antMatchers("/",
                        "/swagger-ui.html",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/v2/api-docs",
                        "/login",
                        "/exit",
                        "/register",
                        "/home/**",
                        "/sms/code/**",
                        "/test/**"

                ).permitAll()

                //开放 options 请求
                .antMatchers(HttpMethod.OPTIONS,
                        "/mail/photo/upload",
                        "/house/photo/upload",
                        "/own/house/upload",
                        "/house/photo/multi/upload",
                        "/template/html/data/save",
                        //,"/**" //开放所有options 请求   (不成功)

                        "/tag/delete",
                        "/tag/update",
                        "/template/html/data/issue",
                        "/template/html/submit/audit",
                        "/house/delete",
                        "/sharegroup/delete",
                        "/sharegroup/delete/**",
                        "/counselor/delete",
                        "/counselor/istop",
                        "/counselor/sort",
                        "/counselor/update",
                        "/client/delete",
                        "/client/update",
                        "/recommendhouse/delete",
                        "/recommendhouse/delete/all",
                        "/recommendhouse/sort",
                        "/message/message/delete",
                        "/message/message/update/status",
                        "/own/house/delete/**",
                        "/recommend/house/delete",
                        "/recommend/house/delete/all",
                        "/upload/**",
                        "/own/**",
                        "/uploading",
                        "/delete/photo/**"

                ).permitAll()

                //其他的请求都必须要有权限认证
                .anyRequest().authenticated()
                .and()
                .logout().permitAll()//定义logout不需要验证
                .logoutRequestMatcher(new AntPathRequestMatcher("/exit", "GET"))
                .clearAuthentication(true)//清除认证信息
                .invalidateHttpSession(true)//使session失效
                .logoutSuccessHandler(new CustomLogoutSuccessHandler())
                .and()
                //开启cookie保存用户数据
                .rememberMe()
                .rememberMeParameter("always-remember").tokenRepository(loginPersistenceService);

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(authenticationService).passwordEncoder(passwordEncoder);
    }


}
